Advertisement
The ESET discovery is the second real-world UEFI bootkit to be publicly documented in recent weeks, following Kaspersky’s report on a new Windows UEFI bootloader fitted into the FinSpy surveillance spyware product.
According to ESET researchers Anton Cherepanov and Martin Smolar, the malware has evaded detection for almost a decade and was engineered to bypass Windows Driver Signature Enforcement to load its own unsigned driver.
“We traced the roots of this threat back to at least 2012, previously operating as a bootkit for systems with legacy BIOSes,” the research team said, noting that the upgrade to UEFI went unnoticed and undocumented for many years.